Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:D9B9FC84970C50AD5E593690D2A9D393
HistoryOct 30, 2013 - 12:00 a.m.

HP SiteScope APIBSMIntegrationImpl runOMAgentCommand SOAP Request Vulnerability

2013-10-3000:00:00
SAINT Corporation
www.saintcorporation.com
21

0.968 High

EPSS

Percentile

99.6%

JSON

Added: 10/30/2013
CVE: CVE-2013-2367
BID: 61506
OSVDB: 95824

Background

HP SiteScope is an agentless software application used to monitor the availability and performance of distributed IT infrastructures including servers, operating systems, network and Internet services, applications and application components.

Problem

HP SiteScope is vulnerable to remote code execution because the runOMAgentCommand in an APIBSMIntegrationImpl SOAP request does not properly sanitize user-supplied input. By supplying a windows shell command to the omHost key, an attacker can execute arbitrary commands with SYSTEM privileges.

Resolution

Upgrade to SiteScope v11.22 or higher.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-205/&gt;

Limitations

This exploit was tested against HP SiteScope 11.20 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).

Platforms

Windows

Related

securityvulns 2
zdi 1
zdt 1
cvelist 1
saint 3
cve 1
checkpoint_advisories 1
prion 1
nessus 2
packetstorm 1
dsquare 1
d2 1
securityvulns
securityvulns
[security bulletin] HPSBGN02904 rev.1 - HP SiteScope running SOAP, Remote Code Execution
2013-08-12 00:00:00
HP SiteScope code execution
2013-08-12 00:00:00
zdi
zdi
Hewlett-Packard SiteScope SOAP Call runOMAgentCommand Remote Code Execution Vulnerability
2013-08-13 00:00:00
zdt
zdt
HP SiteScope Remote Code Execution Vulnerability
2013-09-10 00:00:00
cvelist
cvelist
CVE-2013-2367
2022-10-03 16:15:00
saint
saint
HP SiteScope APIBSMIntegrationImpl runOMAgentCommand SOAP Request Vulnerability
2013-10-30 00:00:00
HP SiteScope APIBSMIntegrationImpl runOMAgentCommand SOAP Request Vulnerability
2013-10-30 00:00:00
HP SiteScope APIBSMIntegrationImpl runOMAgentCommand SOAP Request Vulnerability
2013-10-30 00:00:00
cve
cve
CVE-2013-2367
2013-07-31 13:20:00
checkpoint_advisories
checkpoint_advisories
HP SiteScope SOAP Call runOMAgentCommand Command Injection (CVE-2013-2367)
2013-09-22 00:00:00
prion
prion
Design/Logic Flaw
2013-07-31 13:20:00
nessus
nessus
HP SiteScope SOAP Call runOMAgentCommand SOAP Request Arbitrary Remote Code Execution
2013-09-19 00:00:00
HP SiteScope Multiple Unspecified Remote Code Execution Vulnerabilities
2013-08-02 00:00:00
packetstorm
packetstorm
HP SiteScope Remote Code Execution
2013-09-09 00:00:00
dsquare
dsquare
HP SiteScope runOMAgentCommand 11.20 RCE
2014-01-13 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_SITESCOPE
2013-07-31 13:20:00

0.968 High

EPSS

Percentile

99.6%

JSON
Related for SAINT:D9B9FC84970C50AD5E593690D2A9D393
securityvulns2zdi1zdt1cvelist1saint3cve1checkpoint_advisories1prion1nessus2packetstorm1dsquare1d21